CVE-2024-47712
wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies`
structure is accessed after the RCU read-side critical section is
unlocked. According to RCU usage rules, this is illegal. Reusing this
pointer can lead to unpredictable behavior, including accessing memory
that has been updated or causing use-after-free issues. This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues. To address this, the TSF value is now stored in a local variable
`ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is
then assigned using this local variable, ensuring that the TSF value is
safely accessed.
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues. To address this, the TSF value is now stored in a local variable `ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is then assigned using this local variable, ensuring that the TSF value is safely accessed.
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-09-30 CVE Reserved
- 2024-10-21 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce | Vuln. Introduced | |
| https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f | Vuln. Introduced | |
| https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de | Vuln. Introduced | |
| https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.273 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.273 < 5.4.285" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.214 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.214 < 5.10.227" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.153 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.153 < 5.15.168" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.83 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.83 < 6.1.113" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.23 < 6.6.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.23 < 6.6.54" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.9 < 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.10.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.9 < 6.11.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.11.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.9 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version "6.7.11" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version "6.8.2" | en |
Affected
| ||||||